There are many nuanced and not-so-obvious issues that arise from how Single Sign-On functionality interacts with local account management on third parties (referred to as relying parties in the context of SSO). Facebook's current actions do not prevent these attacks (2/n).

In our experiments we demonstrated how the Facebook iOS app was exposing the session tokens over unencrypted connections, while in this attack the root cause is a complex combination of three different bugs as explained here: https://t.co/81KSRoliLN (3/n)